(54) Encrypted data signal, data storage medium, data signal playback apparatus, and data signal recording apparatus



(57) Playing a data signal from an illegally produced data storage medium can be effectively disabled regardless of the type of storage medium so that copying can be prevented effectively at low cost. An encrypted data signal encrypting a copy-controlled data signal has superimposed thereto as a digital watermark identification data identifying the data signal as an encrypted signal. A data storage medium records this encrypted data signal, a data signal player reproduces the signal, and a data signal recorder records the signal.
Description

BACKGROUND OF THE INVENTION 

1. Field of the Invention

[0001] The present invention relates to technology for restricting the unauthorized duplication of a data signal containing digitized copyrighted material, including video and audio data, when recording to a data storage medium, and to technology for restricting playback from a data storage medium containing unauthorized copies of such copyrighted material.

2. Description of Related Art 

[0002] Copyright infringement resulting from the unauthorized duplication of digital content has become a major problem in conjunction with widespread distribution of digital content. Various methods have been devised to prevent such unauthorized duplication, including adding copy control data for controlling duplication of digital content, and encrypting the data signal using encryption technology so that decoding (interpretation) is not possible on devices other than those that have been specifically licensed. There are also techniques for embedding such copy control data as a digital watermark in the data signal. Digital watermark data is superimposed as noise to the data signal and cannot be easily overwritten. It is therefore possible using a digital watermark to control reproduction and recording even when the copy control data is improperly overwritten.

[0003] Information added to a data signal to control copying has four states: "copy free" enabling duplication at will, "one copy" allowing only one copy to be made, "no more copy" prohibiting further copies from being made, and "never copy" prohibiting any copies from being made. These four states can be used to identify the copy generation and copy restriction state of the data signal.

[0004] Copying is restricted as follows. The recorder first checks the copy control data contained in the video, audio, or other data signal, and restricts recording if the copy control data is set to "no more copy" or "never copy". This enables copy generation control. Recorders that do not check the copy control data, however, can still record a data signal set to "no more copy" to a data storage medium, and the recorded data signal is identical to the original signal containing the copy control data. It is therefore not possible to assure copyright protection.

[0005] Japanese Patent Laid-open Publication (kokai) 11-353796 teaches technology for resolving this problem by superimposing a digital watermark on the data signal and overwriting the state indicated by the digital watermark when reproducing the data signal, thereby effectively disabling playback from an improperly recorded data storage medium.



[0006] This is described more specifically below. Note that "compliant" as used herein means compatible, and "non-compliant" means not compatible, with the digital watermark interpreting or writing process.

[0007] Fig. 16 shows the principle of a conventional copy control scheme. Copy control data (CGMS[11]) indicating "no more copy", and a digital watermark likewise indicating "no more copy" (WM[No More Copy]), are superimposed to the data signal recorded to RAM disc 1300 (such as a DVD-RAM disc). When playing back this data signal, a compliant player 1301 rewrites the digital watermark from "no more copy" to "never copy", superimposes the updated digital watermark to the data signal, and outputs the resulting data signal as the playback signal. The "no more copy" state is typically used with DVD-RAM media to prohibit copying, and "never copy" is not used. A compliant recorder 1302 therefore does not record the data signal when it detects a digital watermark set to a "never copy" state superimposed to the data signal. Copying can thus be controlled.

[0008] A non-compliant recorder 1303, however, ignores the digital watermark and proceeds to record the data signal to a separate RAM disc 1304 even though the digital watermark of the improperly recorded RAM disc 1304 is set to "never copy". A compliant player 1305 can therefore recognize RAM disc 1304 as an improperly recorded disc by reading the digital watermark, and thus effectively disable playback.

[0009] As noted above, a conventional compliant player 1301 rewrites the content of the digital watermark from "no more copy" to "never copy" in order to control copying. The player must therefore be equipped with a means for rewriting the digital watermark, and this increases player cost.

[0010] The conventional technology described above also cannot be used with DVD-ROM media. This is because the digital watermark used for determining whether a DVD-ROM medium is improperly recorded is normally set to "never copy".

[0011] With consideration for the above problems, the present invention is directed to effectively and at low cost preventing copying regardless of the type of data storage medium by effectively disabling playback of a data signal from an improperly produced data storage medium.

SUMMARY OF THE INVENTION 

[0012] To achieve this object, copy generation management according to the present invention in a data storage medium recording a data signal requiring copy control superimposes a scramble flag as a digital watermark to the copy-controlled data signal on the storage medium. The data signal is at least either a data signal restricted from being further copied or from absolutely any copying, the scramble flag in the digital watermark shows that the data signal is recorded scrambled, and the data signal is scrambled after the digital watermark is superimposed.

EP 1 134 964 A2

[0013] The data signal recording and playback apparatus of the invention is a data playback apparatus for reading a data storage medium recording a data signal that is prohibited from further copying or from absolutely any copying, has a digital watermark containing a scramble flag indicating that the signal is recorded scrambled to the recording medium, and is recorded after the data signal and superimposed digital watermark are scrambled. The data signal recording and playback apparatus has a data reading means for reading data from the data storage medium; a descrambler for descrambling the scrambling applied to the data signal; a digital watermark detector for detecting the scramble flag superimposed as a digital watermark in the descrambled data signal; and a playback controller for reading the digital watermark and detecting whether the descrambler is operating, and prohibiting normal playback of the data signal at least when the scramble flag in the digital watermark is set to "scrambled" and the descrambler does not operate.

[0014] A data recorder according to the present invention is a recorder for writing to a data storage medium a data signal containing copy control data set to a "one copy", "no more copy", or "never copy" state. The data recorder has means for detecting the copy control data; a digital watermark rewriting means for superimposing to the data signal as a digital watermark a scramble flag indicating that the data signal is recorded scrambled to the data storage medium when the detected copy control data is set to "one copy"; a scrambler for scrambling the data signal with superimposed digital watermark; and a data writing means for writing the scrambled data signal to the data storage medium.

[0015] A data recorder according to the present invention is a recorder for writing to a data storage medium a data signal containing copy control data set to a "one copy", "no more copy", or "never copy" state. The data recorder has a copy control data detector for detecting the copy control data; a digital watermark detector for detecting the digital watermark superimposed to the data signal; and a recording controller for prohibiting recording when a scramble flag indicating that the data signal is recorded scrambled is detected as the digital watermark.

[0016] It is therefore possible to restrict improperly recording the descrambled data signal to another data storage medium, and restrict playback from a data storage medium of a different type to which the signal was illegally copied.

[0017] Furthermore, because the data playback device of the present invention does not rewrite the digital watermark, it is not necessary to provide means for rewriting the digital watermark. The data playback device can therefore be achieved at a low cost.

[0018] Other objects and attainments together with a fuller understanding of the invention will become apparent and appreciated by referring to the following description and claims taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0019] First and second embodiments of the present invention will now be described hereinafter by way of example and with reference to the appended drawings, in which:

Fig. 1 shows a copy generation managing method according to a first preferred embodiment of the present invention;
Fig. 2 shows data flow when reading or writing a scrambled data signal;
Fig. 3 shows the configuration of a compliant recorder;
Fig. 4 shows the recording process of the recorder shown in Fig. 3;
Fig. 5 shows the configuration of a compliant player;
Fig. 6 shows the reproduction process of the compliant player shown in Fig. 5;
Fig. 7 shows the configuration of a compliant recorder achieved by means of a personal computer (PC) recording system;
Fig. 8 shows the process run by the controller of the PC encoder shown in Fig. 7;
Fig. 9 shows the process run by the controller of the PC recorder (drive) shown in Fig. 7;
Fig. 10 shows the configuration of a compliant player achieved by means of a personal computer (PC) reproduction system;
Fig. 11 shows the process run by the controller of the PC player (drive) shown in Fig. 10;
Fig. 12 shows the process run by the controller of the PC decoder shown in Fig. 10;
Fig. 13 shows the data flow for transferring disc type information;
Fig. 14 shows the authentication process and data transfer procedure when the reproduction system plays back a DVD-ROM disc;
Fig. 15 shows the authentication process and data transfer procedure when the reproduction system plays back a DVD-R disc; and
Fig. 16 shows the principle of a conventional copy control scheme.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0020] The preferred embodiments of an encrypted data signal, data storage medium, data signal reproduction apparatus, and data signal recording apparatus according to a preferred embodiment of the present invention are described below with reference to the accompanying figures.

[0021] In this preferred embodiment of the invention the data storage medium is an optical disc such as a DVD-RAM or DVD-ROM disc and the data signal is recorded to the optical disc. The data to which copy control is applied is an audio/video (AV) signal containing audio and video content.

[0022] A recordable DVD is further referred to as a RAM disc and a playback-only DVD is called a ROM disc.

[0023] In addition, a recorder and player that implement the copy generation restriction process further described below are called "compliant" devices, and devices that do not implement this copy generation restriction process are called "non-compliant" devices.

Embodiment 1 

[0024] Fig. 1 shows a copy generation management method according to a preferred embodiment of the present invention. A video, audio, or other data signal is recorded to ROM disc 100 in this exemplary embodiment, but a RAM disc can be used instead of a ROM disc 100.

[0025] A data signal used in this preferred embodiment is described first below. A digital watermark is embedded as noise to the audio, video, and other components of the data signal. The primary features of a digital watermark are that the digital watermark is not eliminated by editing, compressing, or decompressing the copyrighted material; the digital watermark is embedded so that the digital watermark is virtually indiscernible to the human eye and ear; and the quality of the original copyrighted material is maintained even after the digital watermark is embedded. These characteristics make it possible to prevent improper overwriting and to implement playback control and recording control.

[0026] Copy control data (not shown in the figure) is also recorded in the data signal. This copy control data indicates whether the data signal can be copied or not. For example, the copy control data could be a two bit Copy Generation Management System (CGMS). Bit values and their meaning in the CGMS are as follows: 00 indicates a "copy free" state; 01, "one copy"; 10, "never copy"; and 11, "no more copy".

[0027] To apply copy control to a data signal so that the data signal can never be copied, for example, the method of the present invention scrambles (encrypts) the data signal prior to recording so that the signal can only be reproduced by an authorized licensed device. A characteristic process of this preferred embodiment of the invention is that a scramble flag, which indicates whether the data signal is scrambled, is set to "scrambled" in this case and superimposed to the data signal as a digital watermark WM. This scramble flag can therefore also be referred to as encryption state identification data used for determining whether the data signal is encrypted or not. Copy control using a digital watermark is described in detail below. A notable feature of this digital watermark is that a scramble flag set to "scrambled" is not removed by modifying, compressing, or decompressing signal data, and can therefore be reliably detected. A data signal having a superimposed digital watermark can be scrambled using a specific scrambling (encryption) technique.

[0028] If copy control is not applied to a data signal so that the signal can be freely copied, for example, the data signal is simply not scrambled. In this case a digital watermark can be superimposed to the data signal or not superimposed. If a digital watermark is superimposed, the digital watermark is a scramble flag set to "not-scrambled" to indicate that the data signal is not encrypted. The recorder (not shown in the figure) records the unscrambled data signal directly to disc, or superimposes the digital watermark and then records the signal, to produce ROM disc 100.

[0029] A typical scrambling process used when producing ROM disc 100 is described first below before describing the copy generation management method of this embodiment of the invention.

[0030] The scrambling process described below is accomplished by the ROM disc 100 manufacturer using an authoring system and disc cutting system. An exemplary scrambling process is the DVD-ROM content scrambling system (CSS), a copyright protection system.

[0031] A data signal containing audio and video, for example, is encrypted using three hierarchical encryption keys. These three keys are a title key, disc key, and master key. The content encryption process of the CSS copyright protection system is described below.

[0032] It should be noted that "scramble" is used herein synonymously with "encrypt." An algorithm using one encryption key is sufficient to encrypt and scramble the data signal. A known algorithm can therefore be used, and further description of the algorithm is omitted below. It should be noted that the algorithm is often undisclosed for security purposes.

[0033] Furthermore, descrambling is the operation restoring scrambled data to the unscrambled state. Descrambling is synonymous with "interpret" and "decode."

[0034] The scrambling process is described next below. The data signal is MPEG encoded and then scrambled using a title key. The title key can be freely selected by the copyright holder, such as the movie director, for each title on the disc, that is, for each unit of the data signal. The scrambled signal data is then stored to the data recording area of the disc.

[0035] The title key is then encrypted using a disc key. The disc key can be freely selected by the copyright manager, such as the movie production company, for each disc. When there is more than one encrypted title on a disc, the copyright manager can freely determine the disc key. Encrypted title keys are stored to a disc sector header area that the user cannot access.

[0036] Finally, the disc keys are encrypted using a master key and converted to an encrypted disc key set. The master key is assigned to each manufacturer of descrambler devices for descrambling a scrambled data signal, and is different for each manufacturer. An "encrypted disc key set" means that there is one or a plurality of encrypted disc keys. Because there are only as many master keys as there are licensed manufacturers, one or more disc keys are generated. The number of disc keys is the same as the number of manufacturers. The encrypted disc key set is then stored to the disc lead-in area, which the user cannot access.

[0037] This process results in scrambled signal data, encrypted title keys, and an encrypted disc key set being stored to ROM disc 100.

[0038] A descrambling process is required to reproduce a copy controlled data signal from ROM disc 100. A license to use the specific encryption method described above, the decode key (master key), and the decoding algorithm must be obtained in order to descramble the signals. A compliant player 101 with a descrambling capability as shown in Fig. 1 can read and descramble the scrambled data signal from ROM disc 100 to obtain an MPEG decodable data signal.

[0039] The descrambling process executed by a DVD player or other disc playing device is described first below, and the scrambling process applied by the DVD-RAM drive or other disc recording device is then described. Fig. 2 shows the data flow when reading or writing scrambled signal data.

[0040] Fig. 2A shows the concept of the descrambling process applied to a scrambled data signal recorded to disc 210. This disc 210 is a ROM disc 100 (Fig. 1) or other equivalent disc to which scrambled data signal 212, encrypted title key 214, and encrypted disc key set 216 are recorded. The scrambled data signal 212 is further assumed to be an MPEG encoded AV signal. The descrambler 220 part of the player is an MPEG decoder that descrambles and MPEG decodes the data signal. The descrambler 220 has a disc key decoder 222, title key decoder 224, data signal decoder 226, and MPEG decoder 228.

[0041] The descrambler 220 reads the encrypted disc key set 216, encrypted title key, and scrambled data signal from disc 210. The disc key decoder 222 first decodes its unique disc key from the read disc key set 216 using the master key stored to internal memory (not shown in the figure) or supplied from some other part of the player. The title key decoder 224 then decodes the encrypted title key 214 using the decoded disc key. The data signal decoder 226 then decodes the scrambled data signal 212 using the decoded title key to complete the descrambling process. Because the descrambled data signal is an MPEG encoded signal, the MPEG decoder 228 decodes the signal and outputs the AV signal data in this preferred embodiment of the invention.

[0042] This completes the description of descrambler 220 operation.

[0043] Fig. 2B shows the concept of the process for scrambling a data signal for recording to disc 230. This process is described for recording a data signal for which the copy control data is set to "one copy" by way of example only. A pre-encrypted disc key set 236 is recorded to the disc 230 used for writing by the disc manufacturer before factory shipping.

[0044] The MPEG encoder 248 of the scrambler 240 MPEG encodes the input data signal and sends the resulting MPEG data to the data signal encrypter 246. The data signal encrypter 246 then scrambles the MPEG data using the title key. The title key is a random number generated by a random number generator 250. The title key is then encrypted by the title key encrypter 244 using the disc key, and recorded to disc 230 as the encrypted title key 234. The disc key is obtained by decoding the encrypted disc key set 236 recorded to the disc 230 using the master key stored by the scrambler 240.

[0045] It should be noted that once the title key is generated and recorded to disc 230 as the encrypted title key 234, the recorded encrypted title key 234 is used for subsequent scrambling and recording of additional data signals. That is, the scrambler 240 reads and decodes the encrypted title key 234 of the disc using the disc key, and then scrambles the data signal using the title key.

[0046] It will thus be noted that the scrambler 240 can obtain the title key by two different means. More specifically, the scrambler 240 can use a random number generated by the random number generator 250 as the title key, and can decode an encrypted title key 234 recorded to the disc 230 to obtain the title key. As program distribution increases, such as with video on demand services, it is expected that broadcasters (content creators) will also generate title keys and use these title keys to scramble digital broadcasting signals for wireless distribution. In this case the title key and scrambled data signal obtained from the broadcaster will be recorded to disc.

[0047] Data signals are thus scrambled and descrambled as described above.
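
The key hierarchy of paragraphs [0034] to [0046] (master key, disc key, title key, content), as an added example that is not part of the patent text. The cipher is a stand-in and not CSS; the slot names, key sizes, dict-based disc layout and all function names are assumptions made for the example.

```python
"""Key hierarchy of paragraphs [0034]-[0046] with a stand-in cipher.

toy_crypt() is NOT the CSS algorithm: it is a SHA-256 keystream XOR chosen
only so the example runs offline. Key sizes, licensee slot names and the
dict-based disc layout are assumptions made for this example.
"""
import hashlib
import os

# Constructed master keys, one per licensed manufacturer (assumed names).
MASTER_KEYS = {name: hashlib.sha256(name.encode()).digest()[:16]
               for name in ("maker_A", "maker_B")}
# Constructed stand-ins for two MPEG-encoded units of the data signal.
SAMPLE_UNITS = [b"MPEG unit 0: constructed sample",
                b"MPEG unit 1: constructed sample"]


def toy_crypt(key: bytes, data: bytes, label: bytes) -> bytes:
    """XOR data with a keystream derived from key and label (self-inverse)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_blank_disc(disc_key: bytes, master_keys: dict) -> dict:
    """Disc manufacturer step: pre-record one encrypted disc key per licensee."""
    return {
        "disc_key_set": {slot: toy_crypt(mk, disc_key, b"disc")
                         for slot, mk in master_keys.items()},  # lead-in area
        "encrypted_title_key": None,  # sector header area, set on first recording
        "scrambled_data": [],         # data recording area
    }


def title_key_for(disc: dict, slot: str, master_key: bytes, create: bool = False) -> bytes:
    """Walk master key -> disc key -> title key, generating the title key if allowed."""
    disc_key = toy_crypt(master_key, disc["disc_key_set"][slot], b"disc")
    if disc["encrypted_title_key"] is None:
        if not create:
            raise ValueError("disc holds no encrypted title key")
        title_key = os.urandom(16)  # random number generator 250
        disc["encrypted_title_key"] = toy_crypt(disc_key, title_key, b"title")
        return title_key
    # Second way to obtain the title key: decode the one already on the disc.
    return toy_crypt(disc_key, disc["encrypted_title_key"], b"title")


def record(disc: dict, mpeg_unit: bytes, slot: str, master_key: bytes) -> bytes:
    """Scrambler side: scramble one unit with the title key and store it."""
    title_key = title_key_for(disc, slot, master_key, create=True)
    index = len(disc["scrambled_data"])
    disc["scrambled_data"].append(toy_crypt(title_key, mpeg_unit, b"unit%d" % index))
    return title_key


def descramble(disc: dict, slot: str, master_key: bytes) -> list:
    """Descrambler side: recover every unit using this device's master key."""
    title_key = title_key_for(disc, slot, master_key)
    return [toy_crypt(title_key, blob, b"unit%d" % i)
            for i, blob in enumerate(disc["scrambled_data"])]


def build_demo_disc():
    """Record both sample units with maker_A's device; return disc and keys used."""
    disc = make_blank_disc(os.urandom(16), MASTER_KEYS)
    keys = [record(disc, unit, "maker_A", MASTER_KEYS["maker_A"])
            for unit in SAMPLE_UNITS]
    return disc, keys


if __name__ == "__main__":
    disc, keys = build_demo_disc()
    print("title key reused for second unit:", keys[0] == keys[1])
    print("maker_B player output:", descramble(disc, "maker_B", MASTER_KEYS["maker_B"]))
    print("unlicensed key output:", descramble(disc, "maker_A", bytes(16)))
```

A device holding any licensed master key recovers the same disc key from its own entry in the set, so a disc recorded on one manufacturer's device plays on another's, while a device without a valid master key obtains only noise.
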

[0048] The principle of copy generation management by a preferred embodiment of the present invention is described next below with reference to Fig. 1.

[0049] In this embodiment of the invention a data signal to which copy control is to be applied has a scramble flag set to "scrambled" superimposed to the data signal as a digital watermark. A data signal having a "scrambled" scramble flag superimposed thereto is thus scrambled and recorded to the ROM disc 100.

[0050] A primary feature of copy generation management by an embodiment of the present invention is that the scramble state of the signal data on the disc (that is, whether the signal is scrambled or not) is compared with the scramble flag state (that is, whether the scramble flag is set to scrambled or not), and the decision whether to play or record the signal, or to restrict playing or recording, is made based on the result of this comparison. Whether the signal data is scrambled or not can be determined by detecting whether a specific flag in the signal data or in the data for related files is set, or whether the descrambler operated normally.

[0051] This operation is described more specifically below. First, compliant player 101 reads the scrambled signal data from ROM disc 100 and descrambles it. The compliant player 101 then detects the scramble flag from the descrambled signal data and detects whether the signal is scrambled as indicated by the scramble flag. If the signal data is scrambled and the scramble flag is set to "scrambled", the scramble state and scramble flag match. As a result, the compliant player 101 outputs a descrambled data signal. It is important to note here that a scramble flag set to "scrambled" is superimposed on the output data signal. This is because a scramble flag encoded as a digital watermark is not eliminated by the descrambling process of a compliant player 101.

[0052] A process whereby recording is restricted 
when an attempt is made to improperly record a data 
signal output from a player to a data storage medium is 
described next. 

[0053] A compliant recorder 102 obtains a descrambled data signal from a compliant player 101. The compliant recorder 102 then recognizes that the received signal data is descrambled and the superimposed scramble flag is set to "scrambled." The compliant recorder 102 thus knows that the state of the output data signal does not match the state indicated by the scramble flag, and the compliant recorder 102 therefore does not record to a RAM disc or other data storage medium. A compliant recorder 102 can thus restrict recording the signal data.

[0054] When the data signal is not scrambled it is also enough to compare the scrambled state with the scramble flag. When a digital watermark is not detected and when the digital watermark is set to "non_scrambled" the data signal is output. Such output signals can be freely copied, and a compliant recorder 102 enables copying the data signal to a RAM disc.

[0055] The principle whereby playing is restricted when a data signal is improperly copied to a RAM disc is described next below.

[0056] A non-compliant recorder 103 receives a descrambled data signal output by a compliant player 101. The scramble flag of this data signal is set to scrambled and is therefore subject to copy control, but the non-compliant recorder 103 does not detect the digital watermark and copies the data signal to RAM disc 104. When a compliant player 105 then tries to play this RAM disc 104, it compares the scramble state as described above. In this case, however, the data signal is recorded descrambled but the superimposed scramble flag is set to "scrambled." The compliant player 105 therefore detects a mismatch between the actual signal state (descrambled) and the scramble flag state (scrambled), and recognizes that the data signal on RAM disc 104 was improperly copied. The compliant player 105 therefore prohibits playing the data signal.

[0057] Note that playback is restricted even when the signal is not recorded to a RAM disc 104. For example, playback is also restricted from a DVD-R disc, which can be written but after being written is a read-only medium.

[0058] Improper recording and playback can be prohibited with even greater security by also using a method for changing the encryption algorithm used for scrambling according to the type of recording medium. For example, by using different encryption algorithms for DVD-ROM media and DVD-RAM media, playback from a DVD-RAM disc can be prohibited when a data signal scrambled with the DVD-ROM algorithm is improperly copied from DVD-ROM to DVD-RAM media. This can be achieved by, for example, providing a table correlating recording medium type with the encryption algorithm used for each type. When the descramble circuit cannot descramble a signal using the decryption algorithm corresponding to the recording medium type, playing the data signal from an improperly copied recording medium is effectively prohibited. Type information indicating the type of recording medium can be superimposed to the data signal with the scramble flag in the digital watermark. This type information identifies the type of recording medium to be recorded. It is therefore possible to distinguish recording to DVD-R media from recording to DVD-RAM media.

[0059] This embodiment of the present invention thus superimposes encryption information indicating whether a recorded data signal is encrypted or not (that is, the "scrambled" scramble flag) as a digital watermark to a scrambled (encrypted) data signal. When the signal data is decoded, the digital watermark is not changed and remains as originally coded. A compliant recorder and player can thus detect a mismatch between the unencrypted decoded signal data and the digital watermark set to encrypted, and prohibit illegal recording to another recording medium and playback from an illegally recorded recording medium. It is therefore possible for a compliant player to prohibit playback of a disc illegally copied by a non-compliant recorder 103 even without the compliant player having a means for rewriting the digital watermark.
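
The state comparison of paragraphs [0050] to [0059], traced through the devices of Fig. 1, as an added example that is not part of the patent text. The `Signal` type, the function names, and modelling the watermark as a field that passes through descrambling unchanged are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

SCRAMBLED = "scrambled"
NOT_SCRAMBLED = "not-scrambled"


@dataclass(frozen=True)
class Signal:
    scrambled: bool      # actual state of the data as stored or transferred
    flag: Optional[str]  # scramble flag in the watermark; None = no watermark found


def states_match(scrambled: bool, flag: Optional[str]) -> bool:
    """Compare the actual scramble state with the scramble flag ([0050]).

    Only a flag of "scrambled" on unscrambled data is a mismatch; data with
    no watermark or a "not-scrambled" flag is treated as freely copyable.
    """
    if flag == SCRAMBLED:
        return scrambled
    return True


def compliant_play(disc: Signal) -> Optional[Signal]:
    """Compliant player: output a descrambled signal, or None if playback is prohibited.

    The player never rewrites the watermark, so the flag on the output is
    whatever was on the disc.
    """
    if not states_match(disc.scrambled, disc.flag):
        return None
    return Signal(scrambled=False, flag=disc.flag)


def compliant_record(incoming: Signal) -> Optional[Signal]:
    """Compliant recorder: return what is written to disc, or None if recording is refused."""
    if not states_match(incoming.scrambled, incoming.flag):
        return None
    return incoming


def non_compliant_record(incoming: Signal) -> Signal:
    """Non-compliant recorder: ignores the watermark and writes the signal as received."""
    return incoming


def run_scenarios() -> dict:
    """Trace protected and free content through the devices of Fig. 1."""
    rom_disc = Signal(scrambled=True, flag=SCRAMBLED)       # ROM disc 100
    player_out = compliant_play(rom_disc)                   # player 101 output
    illicit_disc = non_compliant_record(player_out)         # RAM disc 104
    free_disc = Signal(scrambled=False, flag=None)          # copy-free content
    free_copy = compliant_record(compliant_play(free_disc))
    return {
        "player_101_output": player_out,
        "recorder_102_writes": compliant_record(player_out),
        "player_105_output": compliant_play(illicit_disc),
        "free_copy_plays": compliant_play(free_copy),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```
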

[0060] It should be noted that while a scramble flag (set to scrambled or non_scrambled) is superimposed to the data signal as a digital watermark in this embodiment of the invention, other information can be used insofar as it indicates the scramble state of the data signal. For example, when a data signal for which the copy control data is set to "never copy" is scrambled and then recorded, the same effect can be achieved by superimposing this copy control data to the data signal as a digital watermark.

Recording device 

[0061] The configuration of a compliant recorder 102 is described next below with reference to Fig. 3, a block diagram of a compliant recorder 102 according to this preferred embodiment of the invention.

[0062] A compliant recorder 102 has a digital input terminal 301 and an analog input terminal 302. Digital signals such as encryption key information and analog signals such as an AV signal are input from another connected device through the digital input terminal 301 and analog input terminal 302, respectively. A signal decryption unit 303 decrypts an encrypted signal based on the encryption key information received from a device connected to the digital input terminal 301, and restores the compressed video data. Copy control data indicating whether the input data signal can be copied is also detected. This copy control data is also superimposed on the data signal.

[0063] The video data input through analog input terminal 302 is supplied from analog input terminal 302 to an encoder 304 and MPEG encoded, producing compressed video data. Copy control data indicating whether the input data signal can be copied or not is also detected at this time.

[0064] The selector 305 selects and outputs data from decryption unit 303 or data from encoder 304 based on a selection control signal corresponding to user input.

[0065] The data output from selector 305 is supplied by way of WM rewriter 306 to recording controller 308. The WM rewriter 306 performs a process for superimposing a "scrambled (RAM)" scramble flag to the data signal as a digital watermark. It should be noted that this process must be performed after identifying the recording medium type as further described below. This process of the WM rewriter 306 spectrum spreads the scramble data using a pseudonoise code stream, for example, and outputs the spectrum spread scrambled data. Methods for accomplishing this are known from the literature, and further description thereof is thus omitted below. The data output from selector 305 is supplied to WM decoder 307. The WM decoder 307 extracts the scramble data superimposed to the data signal as a digital watermark, identifies the written content, and passes the resulting output to controller 309.
[0066] Based on the copy control data detected from the input data and the digital watermark output, controller 309 determines whether the input data can be recorded (copied). If it can be recorded (copied), it determines whether overwriting the digital watermark is necessary for copy control. If it is determined that recording (copying) is prohibited, controller 309 controls recording controller 308 so that it does not record. If recording is permitted, or if making one copy is permitted, the controller 309 instructs recording controller 308 to record. The compliant recorder 102 then reads disk type information (indicating whether it is a RAM disc, write-once disc, or other type) by way of reader 313, and disc type identifier 314 detects the disk type. The content of the scramble flag is then determined based on the detected disk type, a scramble flag to be superimposed on the data signal is generated by the WM rewriter 306, and then superimposed by the recording controller 308 to the data signal. The scrambler 310 then applies a specific scrambling operation to the data signal according to the disk type, and records to RAM disc 312 by way of disc writer 311.

[0067] The process performed after the compliant recorder 102 completes encryption decoding is described next with reference to Fig. 4. Fig. 4 is a flow chart of the recording process of a compliant recorder 102.
[0068] The copy control data detected when a data signal is input is checked first (step S101). Whether the copy control data is set to "never copy" or "no more copy" is then determined (step S102). Recording is prohibited if the copy control data is set to either state, and the recording process is immediately terminated (step S103). Note that "never copy" indicates that copy control absolutely prohibits copying the data signal. "No more copy", however, indicates that copy control allows copyable music or video data to be duplicated only once, and then prohibits making further copies.
[0069] If neither of these states applies (that is, the copy control data is not set to "never copy" or "no more copy"), the digital watermark WM superimposed to the input signal is interpreted (step S104) to determine whether the digital watermark WM is set to "scrambled" (step S105). If it is set to scrambled, the data signal selected for recording was originally scrambled and is therefore identified as data input after the copy control data was illegally modified, and the recording process is terminated (step S103). If it is not set to scrambled, the data is known to be recordable.

[0070] If the data is identified to be recordable, it is determined whether the copy control data is set to "one copy" to determine whether the data signal must be scrambled (step S106). If it is set to "one copy", the digital watermark is overwritten to "scramble (RAM)" (step S107), and the data is scrambled by applying a specified scrambling technique (step S108). The compliant recorder 102 (Fig. 3) then records the resulting data to RAM disc (step S109).

[0071] If the copy control data is not set to "one copy", that is, is set to "copy free", the signal is recorded to RAM disc without scrambling (step S109).
[0072] A RAM disc recorded by a compliant recorder 
102 thus comprised records a data signal for which the 
copy control data is set to "one copy" with scrambling 
data superimposed as a digital watermark paired with 
scrambling the data signal. 

[0073] Based on particular information read by the 
reader 313 (Fig. 3), the disc type identifier 314 detects 
the type of disc that was loaded and may record the disk 
type to the digital watermark. Various disk types are pos- 
sible, including ROM (read-only), RAM (writable), write- 
once, write-1000 (writable approximately 1000 times), 
and write-100,000. Disc type is identified based on the
physical properties of the disc (focus characteristics, 
tracking characteristics, read characteristics) and data 
from a control data area recording the disk type. 
[0074] It should be noted that the scrambling process 
can be applied to only part of the data stream (such as 
to I-frames in MPEG encoded data) with consideration
for the processing overhead during data playback. In
this case the digital watermark must be superimposed
to all data in the scrambled part of the signal.
[0075] When manufacturing ROM discs with a scram- 
bled data signal as described above, the data recording 
apparatus comprises an authoring system and disc cut- 
ting system, for example. The authoring system com- 
presses the data signal based on the data signal, and 
superimposes scrambled data as the digital watermark. 
The disc cutting system scrambles the data signal and 
produces a disc master. ROM discs in which copy con- 
trol as described above is implemented can thus be 
manufactured using such a data recording apparatus. 

Reproducing apparatus 

[0076] The configuration of a compliant player 105 is 
described next with reference to Fig. 5. 
[0077] The configuration of compliant player 105 is identical to that of compliant player 101. Fig. 5 is a block diagram showing compliant player 105. The data recorded to a disc loaded into compliant player 105 is read by reader 401, and supplied therefrom to descrambler 402, scramble status detector 403, and disk type detector 404.

[0078] The scramble status detector 403 extracts the 
scramble flag recorded as added information to the disc 
and detects whether the recorded data is scrambled. 
The detection result is passed to controller 405. It should 
be noted that a specific encryption method (such as the 
CSS (content scrambling system) copyright protection
system) is used to encrypt a ROM disc set to "never
copy".

[0079] The disk type detector 404 detects the type of 
disc loaded into the player, and passes the result to con- 
troller 405. As noted above, the disk type indicates 
whether the disc is ROM (read-only), RAM (writable),
write-once, write-1000 (writable approximately 1000
times), write-100,000, or other type. Disc type is identified
based on the physical properties of the disc (focus
characteristics, tracking characteristics, read character- 
istics) and data from a control data area recording the 
disk type. 

[0080] The descrambler 402 decodes the scrambling 
applied to a ROM disc by the disc manufacturer, or the 
scrambling applied to a RAM disc by the scrambler 240 
of the disc recorder (Fig. 2B). The descrambler 402 runs 
the process of the descrambler 220 previously de- 
scribed with reference to Fig. 2A. 

[0081] The descrambler 402 then passes the data 
output to digital watermark WM decoder 406 and play- 
back controller 407. The digital watermark WM decoder 
406 decodes the scrambled data superimposed as a 
digital watermark to the data signal. Note that "decode" 
as used here means extracting the scrambling data and 
evaluating its content. This is because the digital water- 
mark is thought to be encoded superimposed as noise 
to the data signal. The digital watermark WM decoder
406 outputs the result to controller 405.
[0082] The controller 405 decides whether to permit 
or prohibit playback based on the detected disk type, 
scramble flag, and digital watermark content. It will be 
remembered that scrambling of the data signal and the
content indicated by the scramble flag are a matched 
pair in a disc recorded by a compliant recorder 102 (Fig. 
1). 

[0083] Therefore, when a non-complying disc is loaded in the player, descrambler 402 supplies prohibit-playback control information to playback controller 407, and thus prohibits further signal processing by the playback controller 407 and downstream components. If the data signal is from a compliant disc, processing by the playback controller 407 and downstream components is enabled. The playback controller 407 passes the AV data to decoder 408, and decoder 408 decodes the MPEG encoded data. The analog interface 409 then D/A converts the decoded data, and supplies it to an external device. If there is a device connected to digital interface 411, encryption unit 410 encrypts the MPEG encoded data and the encrypted data is then output from digital interface 411.

[0084] The playback process of the compliant player 105 shown in Fig. 5 is described next with reference to Fig. 6. Fig. 6 is a flow chart of the playback process.
[0085] A compliant player 105 (Fig. 5) first detects whether the data signal recorded to the loaded disc is scrambled (step S201). Data can be scrambled using the RAM disc scrambling method of the scrambler 240 of compliant recorder 102 (Fig. 2), or the method applied to a ROM disc (such as the CSS copyright protection system). Because the scrambling method differs according to disk type, disk type detector 404 (Fig. 5) checks the disk type (step S202).

[0086] If a ROM disc type is detected, descrambler 402 applies a ROM scrambling process (step S203). The digital watermark WM decoder 406 then detects whether a digital watermark WM indicating the scramble state is written to the descrambled data signal (step S204), and controller 405 (Fig. 5) determines whether the digital watermark is set to "scrambled (ROM)" (step S205). If it is, controller 405 (Fig. 5) permits playback (step S211); otherwise playback is prohibited (step S212).

[0087] If the disk type is determined in step S202 to be a RAM disc, the descrambler 402 similarly applies a RAM scrambling process (step S206). The digital watermark WM decoder 406 (Fig. 5) then detects whether a digital watermark WM indicating the scramble state is written to the descrambled data signal (step S207), and controller 405 (Fig. 5) determines whether the digital watermark is set to "scrambled (RAM)" (step S208). If it is, controller 405 (Fig. 5) permits playback (step S211); otherwise playback is prohibited (step S212).

[0088] If step S201 determines that the disc is not scrambled, the data signal is sent to the digital watermark WM decoder 406 (Fig. 5) without descrambler 402 running the descrambling process. The digital watermark WM decoder 406 (Fig. 5) then detects the digital watermark WM (step S209) and controller 405 detects whether the watermark is set to "scrambled" (step S210). If the digital watermark WM is set to "scrambled", controller 405 prohibits playback (step S212), and otherwise permits playback (step S211). Note that "otherwise" here refers to cases when the digital watermark is not detected, and when the detected digital watermark is set to "non_scrambled."

[0089] In other words, if the disc is recorded by a compliant recorder 102 (Fig. 1), the data signal is scrambled before being recorded if the digital watermark WM is set to scrambled. However, if the digital watermark WM is set to "scrambled" but the signal is not scrambled, it is known that the data signal was illegally copied. This applies when the output of a compliant player 101 (Fig. 1) is recorded to a disc by a non-compliant recorder 103 (Fig. 1), and when a scrambled data signal is illegally descrambled and recorded to disc.
[0090] It is therefore possible to prohibit playback in 
such cases if a compliant recorder 102 (Fig. 1, Fig. 3) 
and compliant player 101, 105 (Fig. 1, Fig. 5) according 
to the present invention are used. It is therefore possible 
to prevent illegal copying, and to keep the cost of the 
playback device down, without providing a rewriting 
means for overwriting a digital watermark in the disc 
player. 
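
The recording flow of Fig. 4 and the playback flow of Fig. 6 can be exercised together on plain values. The following Python example is added here for illustration and is not code from the patent; the XOR scrambler, the key constants, the Signal and Disc records and the scenario discs are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

NEVER, NO_MORE, ONE_COPY, FREE = "never copy", "no more copy", "one copy", "copy free"
WM_ROM, WM_RAM = "scrambled (ROM)", "scrambled (RAM)"
ROM_KEY, RAM_KEY = 0x5A, 0xC3      # constructed per-media scrambling keys


@dataclass
class Signal:                      # input to the recorder
    payload: bytes
    copy_control: str
    watermark: Optional[str]       # None: no watermark detected


@dataclass
class Disc:
    disc_type: str                 # "ROM" or "RAM", as detected by the drive
    scrambled: bool                # scramble flag read from the disc
    payload: bytes
    watermark: Optional[str]       # embedded in the content, survives copying


def xor(data: bytes, key: int) -> bytes:
    """Toy scrambler; applying it twice with the same key restores the data."""
    return bytes(b ^ key for b in data)


def compliant_record(sig: Signal) -> Optional[Disc]:
    """Fig. 4: returns the recorded RAM disc, or None if recording is refused."""
    if sig.copy_control in (NEVER, NO_MORE):               # S102 -> S103
        return None
    if sig.watermark in (WM_ROM, WM_RAM):                  # S104/S105 -> S103
        return None    # content was scrambled at source: copy control was altered
    if sig.copy_control == ONE_COPY:                       # S106
        # S107: overwrite watermark, S108: scramble, S109: record
        return Disc("RAM", True, xor(sig.payload, RAM_KEY), WM_RAM)
    return Disc("RAM", False, sig.payload, sig.watermark)  # copy free, S109


def compliant_play(disc: Disc) -> Optional[bytes]:
    """Fig. 6: returns the clear payload, or None if playback is prohibited."""
    if not disc.scrambled:                                 # S201: not scrambled
        if disc.watermark in (WM_ROM, WM_RAM):             # S209/S210
            return None                                    # S212
        return disc.payload                                # S211
    if disc.disc_type == "ROM":                            # S202
        clear, expected = xor(disc.payload, ROM_KEY), WM_ROM   # S203-S205
    else:
        clear, expected = xor(disc.payload, RAM_KEY), WM_RAM   # S206-S208
    return clear if disc.watermark == expected else None   # S211 / S212


def scenarios() -> dict:
    """Constructed discs covering the legitimate and illegal-copy cases."""
    movie = b"constructed AV payload"
    pressed = Disc("ROM", True, xor(movie, ROM_KEY), WM_ROM)
    one_copy = compliant_record(Signal(movie, ONE_COPY, None))
    return {
        "pressed ROM": compliant_play(pressed) == movie,
        "compliant one-copy RAM": compliant_play(one_copy) == movie,
        # Descrambled output captured by a non-compliant recorder ([0089]).
        "clear copy, WM still scrambled": compliant_play(
            Disc("RAM", False, movie, WM_ROM)) is not None,
        # Scrambled ROM content duplicated as-is onto a RAM disc.
        "ROM image on RAM disc": compliant_play(
            Disc("RAM", True, pressed.payload, WM_ROM)) is not None,
        # Second-generation copy with copy control rewritten to "copy free".
        "re-record with altered copy control": compliant_record(
            Signal(movie, FREE, WM_RAM)) is not None,
        "never copy input": compliant_record(Signal(movie, NEVER, None)) is not None,
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:38s} {'permitted' if allowed else 'prohibited'}")
```

Only the first two scenarios are permitted; every other case is stopped by a mismatch between the scramble state of the signal and the watermark, without the player ever rewriting a watermark.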

[0091] It should be noted that if only part of the data 
signal is scrambled, it is necessary to check the embed- 
ded scramble flag and determine whether the descram- 
bling process of the descrambler 402 is completed nor- 
mally. This makes it possible to prohibit playback when 
the scramble flag of an illegally duplicated data signal is 
illegally rewritten to "scrambled". 

[0092] It will be obvious to one with ordinary skill in 
the related art that while the data signal is encrypted in 
this embodiment by scrambling, the same effects can 
be achieved using other encryption methods. 
[0093] Furthermore, while an optical disc is used by 
way of example as the data storage medium in this em- 
bodiment, the same effects can also be achieved using 
other types of storage, including semiconductor memo- 
ry and magnetic storage media (such as a hard disk). 

Embodiment 2 

[0094] The compliant recorder 102 (Fig. 1 and Fig. 3) and compliant player 101, 105 (Fig. 1, Fig. 5) are described above in the first embodiment as comprising thereinside a block (disc writer 311 (Fig. 3) and reader 401 (Fig. 5)) for recording a data signal to disc or reproducing a data signal from disc, a block (WM decoder 307 (Fig. 3) and 406 (Fig. 5)) for detecting a digital watermark, and a block (encoder 304 (Fig. 3) and decoder 408 (Fig. 5)) for compressing and decompressing the data signal.

[0095] However, if the functions of the disc recorder and disc player are achieved in a personal computer, for example, the drive for reading and writing a data signal, and the encoder/decoder are generally achieved in separate devices.

[0096] When these functions are achieved in discrete
devices, the decoder controls playback based on the 
disk type detected by the drive. It is therefore possible 
to improperly change the disk type and playback an im- 
properly copied disc. More specifically, if a data signal 
recorded to a ROM disc is recorded to a RAM disc by a 
non-compliant recorder and is then played back, illegal 
software intercedes between the drive and decoder, and 
the disk type detected by the drive can be changed to 
"ROM." As a result, playback of ROM disc content ille- 
gally copied to a RAM disc cannot be prevented as in a 
compliant player 101, 105 (Fig. 1). 
[0097] This second embodiment of the invention de- 
scribes a configuration whereby playback can be pre- 
vented in such circumstances. 

Personal computer as a recording device 

[0098] Fig. 7 shows a compliant recorder achieved in 
a personal computer (PC) recording system 600. As 
shown in Fig. 7, the major components of this compliant 
PC recording system 600 are PC encoder 600-1 and PC 
recording device (drive) 600-2. A digital interface (such 
as SCSI, ATAPI, or IEEE 1394) capable of preventing 
illegal copying connects the PC encoder 600-1 and PC 
recording device (drive) 600-2. The PC encoder 600-1 
is equivalent to the components of a compliant recorder 
102 (Fig. 3) from the interface terminals 301 and 302 to
the scrambler 310, and performs the same operations. 
Further description of like operation is therefore omitted 
below. The PC recording device (drive) 600-2 is equiv- 
alent to the disc writer 311 (Fig. 3). 
[0099] How the operation of this PC encoder 600-1 
differs from the operation achieved by the components 
from the interface terminals 301 and 302 to the scram- 
bler 310 of the compliant recorder 102 shown in Fig. 3 
is described below. When a "one copy" data signal is to 
be recorded to a RAM disc, the scrambler 610 of the PC
encoder 600-1 applies a specific scrambling method to 
the data signal. So that the key used for scrambling can 
be safely shared by the PC recorder drive and PC en- 
coder, authentication units 613, 617 are mutually au- 
thenticated by way of digital interfaces 615, 616. If au- 
thentication is successful, authentication unit 613 and 
authentication unit 617 in the PC recorder drive each 
confirm that the other is a licensed device, that is, is a 
compliant device. If authentication is successful, a pass 
key for encrypting the data sent to the digital interface 
is also shared. Using this shared bus key, the encryption 
unit 614 of the PC encoder encrypts the data requiring 
protection (including key data and signal data), and 
sends the encrypted data to the PC recording device 
(drive) 600-2 through digital interface 615. 
[0100] Using the shared bus key, the decryption unit
(encryption decoder) 618 of the PC recording device
(drive) 600-2 decodes the received data. Writer 611 then
records the data signal received from PC encoder 600-1
to RAM disc 612. Recording controller 619 controls recording
to the RAM disc 612 so that data that must be
recorded to a particular protected area, such as key da- 
ta, is not written to the RAM disc 612 unless authenti- 
cation of the PC encoder is successful. 
[0101] A compliant device changes the authentication
method and processing of the key data and data signal 
according to the disk type and the recorded data signal. 
Based on the signal reproduced by the reader 620, disk 
type detector 621 of PC recording device (drive) 600-2 
identifies the physical characteristics (focus character- 
istics, tracking characteristics, playback characteristics) 
of the RAM disc 612, and identifies the disk type recorded
to the control area of RAM disc 612. The results are
then output to controller 622. It should be noted that it 
is possible for the data indicating the disk type to be 
modified in transmission, but such modification can be 
prevented by the method described further below. Con- 
troller 622 changes the authentication method and data 
transmission method according to the disk type for data 
communication with PC encoder 600-1. 
[0102] Operation of the PC encoder 600-1 and PC re- 
cording device (drive) 600-2 in this embodiment of a 
compliant PC recording system 600 is described next.
Fig. 8 is a flow chart of the process run by the controller 
609 of the PC encoder 600-1 (Fig. 7). 
[0103] Recording a "one copy" data signal is described
first. The controller 609 (Fig. 7) tells authentication
unit 613 to authenticate the PC recording device
(drive) 600-2 with authentication unit 617 (step S301). 
Based on the result passed by authentication unit 613, 
controller 609 determines whether both devices are 
compliant (step S302). This makes it possible to confirm 
whether the devices are licensed before proceeding 
with recording. 

[0104] If both devices are authenticated compliant devices,
PC encoder 600-1 and PC recording device
(drive) 600-2 generate a shared bus key (step S303). 
PC encoder 600-1 then obtains the key data generated 
by PC recording device (drive) 600-2 for scrambling (re- 
ferred to below as the scrambling key) from PC drive 
600-2 (step S304). The scrambling key is data that has 
been encrypted or processed by the PC drive 600-2 
based on the shared bus key to prevent tampering. 
[0105] The controller 609 of the PC encoder 600-1 
(Fig. 7) then records the data signal according to the 
recorded process shown in Fig. 4 and described above 
(step S305 and after). Further description of this record- 
ing process is therefore omitted here. 
[0106] This recording process differs from that shown
in Fig. 4 in that a step S311 for checking whether au- 
thentication was successful is inserted after step S106 
identifying the "one copy" setting (Fig. 4). Recording is 
prohibited when authentication is not successful in step 
S311. 



[0107] The operation of PC drive 600-2 (Fig. 7) is de- 
scribed next. Fig. 9 is a flow chart of the process per- 
formed by controller 622 of the PC drive 600-2 (Fig. 7). 
[0108] As with the PC encoder 600-1, controller 622 tells authentication unit 617 to authenticate the PC encoder 600-1 with authentication unit 613 (step S401). Based on the result passed by authentication unit 617, controller 622 determines whether both devices are authenticated compliant (step S402).

[0109] If authentication was successful, controller 622 generates a shared bus key. Based on the shared bus key, controller 622 then encrypts or otherwise processes the scrambling key to prevent tampering, and sends it from PC drive 600-2 to digital interface 601 (S404). Access (recording and playback) to the scrambled data signal, the scrambling key, and the scrambling control data is then permitted, and recording is accomplished (S405).

[0110] If authentication was not successful, recording only the data signal is allowed, and recording the scrambling key and scrambling control data to a reserved area of the disc is prohibited (S406).

[0111] Therefore, if the PC encoder 600-1 and PC drive 600-2 are not both compliant, accessing the scrambling key and scrambling control data can be prevented. As a result, a digital watermark set to "scrambled" and the scrambled state of the data signal can be detected and copying enabled when recording a data signal for which the copy control data is set to "one copy" in a compliant PC recording system 600 comprising a compliant PC encoder 600-1 and a compliant PC drive 600-2. In addition, access to the specific area on disc is prevented and scrambling cannot be correctly completed in a non-compliant PC system in which either or both the PC encoder and PC drive are non-compliant.

Personal computer as a playback device 

[0112] Fig. 10 shows a preferred embodiment of a compliant playback device achieved by a personal computer (PC) playback system 900. As shown in Fig. 10 the major components of this PC playback system 900 are a PC decoder 900-1 and PC playback device (drive) 900-2. A digital interface (such as SCSI, ATAPI, or IEEE 1394) capable of preventing illegal copying connects the PC decoder 900-1 and PC drive 900-2. The PC decoder 900-1 is equivalent to the components of a compliant player 101, 105 (Fig. 5) from the descrambler 402 (Fig. 5) to the interfaces 409, 411, and performs the same operations. Further description of like operation is therefore omitted below. The PC drive 900-2 is equivalent to the reader 401 (Fig. 5). The reader 901 reads the recorded data from the ROM/RAM disc 950 loaded into PC drive 900-2, and passes the read data to scramble state detector 904 and disk type detector 903. The scramble state detector 904 and disk type detector 903 detect the scramble flag and disk type in the same way as the compliant player 101, 105 (Fig. 5) described above.

[0113] If a scrambled data signal is output from digital interface 916, authentication unit 915 of PC drive 900-2 talks with authentication unit 919 of PC decoder 900-1 for mutual authentication. If authentication is not successful, playback controller 913 prohibits reading data from the PC drive 900-2. If authentication is successful, the descrambler 902 of the PC decoder 900-1 reads the data signal and applies a specific descrambling operation to the scrambled copy-prohibited data signal.
[0114] So that the key used for scrambling can be 
safely shared by the PC playback drive and PC decoder, 
authentication units 915, 919 are mutually authenticated 
by way of digital interfaces 916, 917. 
[0115] If authentication is successful, authentication 
unit 915 and authentication unit 919 can each confirm 
that the other is a licensed device, that is, a compliant 
device. More specifically, if authentication is successful, 
a pass key for encrypting the data sent to the digital in- 
terface is also shared. Using this shared bus key, the 
encryption unit 914 of the PC drive 900-2 encrypts data 
requiring protection (such as the key data and data sig- 
nal), and sends the encrypted data from digital interface 
916 to PC decoder 900-1.

[0116] A compliant device changes the authentication 
method and processing of the key data and data signal 
according to the disk type and the recorded data signal. 
Based on the signal reproduced by the reader 901, disk
type detector 903 identifies the disk type based on the 
physical characteristics (focus characteristics, tracking 
characteristics, playback characteristics) of the disc and 
data recorded to the control area of the disc. The result 
is then output to controller 912. The controller 912 
changes the authentication method and data transmis- 
sion method according to the disk type, and exchanges 
data with the PC decoder 900-1. The PC decoder 900-1
similarly changes the authentication method and data 
transmission method according to the data signal 
scrambling method and type of the disc to which the data 
signal to be played back is recorded. 
[0117] The decryption unit (encryption decoder) 918 
of PC decoder 900-1 then decodes the received data 
based on the shared bus key. The processes run from 
the descrambler 902 to the analog interface 909 and digital
interface 911 are the same as in the compliant player
101, 105 (Fig. 5) described above, and further description
is omitted here.

[0118] The controller 905 of PC decoder 900-1 con- 
trols playback using not only data signal scrambling in- 
formation (whether the signal is scrambled and the 
scrambling method) and scrambling data encoded in the 
digital watermark, but also using the authentication 
method and data transmission method. 
[0119] Operation of the PC decoder 900-1 and PC 
drive 900-2 in this PC playback system 900 is described 
next. Fig. 11 is a flow chart of the process of the control- 
ler 912 (Fig. 10) of the PC drive 900-2. 
[0120] To reproduce a scrambled data signal recorded to the disc, controller 912 (Fig. 10) instructs authentication unit 915 to authenticate the PC decoder 900-1 with authentication unit 919 (step S501). Based on the result from authentication unit 915, controller 912 (Fig. 10) determines whether both PC decoder 900-1 and PC drive 900-2 are compliant devices (step S502). This makes it possible to confirm whether the devices are licensed before proceeding with recording.
[0121] If both devices are authenticated compliant devices, PC decoder 900-1 and PC drive 900-2 generate a shared bus key (step S503). Using this shared bus key, controller 912 encrypts or processes the scrambling key to prevent tampering, and then sends it from PC drive 900-2 to PC decoder 900-1 (S504). Access to the scrambled data signal, scrambling key, and scrambling control data is then allowed, and playback continues (S505).

[0122] If authentication is not successful in step S502, 
reproducing only the data signal is allowed, and repro- 
ducing data from a reserved part of the disc is prohibited 
(S506). 

[0123] Fig. 12 shows the process of the controller 905 
in PC decoder 900-1 (Fig. 10). As does the PC drive 
900-2, controller 905 instructs authentication unit 919 to
authenticate the PC drive 900-2 with authentication unit 
915 to reproduce a scrambled data signal recorded to 
the disc (step S601). Based on the result from authen- 
tication unit 919, controller 905 (Fig. 10) determines 
whether both PC decoder 900-1 and PC drive 900-2 are 
compliant devices (step S602). 

[0124] If both devices are authenticated compliant devices,
PC decoder 900-1 and PC drive 900-2 generate
a shared bus key (step S603). The PC decoder 900-1 
then obtains the scrambling key generated by the PC 
drive 900-2 from PC drive 900-2 (S604). 
[0125] The controller 905 of PC decoder 900-1 then 
reproduces the data signal according to the playback 
control flow shown in Fig. 6 (from step S605). This proc- 
ess is already described above, and further description 
thereof is thus omitted here. 

[0126] This recording process differs from that shown
in Fig. 6 in that steps (S609, S612) for checking whether
authentication was successful for the disc are modified 
after step S202 (Fig. 6) identifying the disk type. If au- 
thentication appropriate to the disc type (ROM or RAM) 
is not successful, data signal playback therefrom is pro- 
hibited. 

[0127] Access to the scrambling key and scrambling 
control data can therefore be prevented when both the 
PC decoder 900-1 and PC drive 900-2 (Fig. 10) are not 
compliant devices. As a result, when reproducing a data
signal for which the copy control data is set to prohibit 
copying, a PC playback system 900 comprising a com- 
pliant PC decoder 900-1 and a compliant PC drive 900-2 
can detect if a data signal is descrambled and the digital 
watermark is set to "scrambled." It is therefore possible 
to prevent normal descrambling on a non-compliant PC 
system because key data cannot be reproduced from
the reserved area on disc.

Disc type transfer method

[0128] Referring next to Fig. 13, a method for trans- 
mitting data from the PC drive to an encoder or decoder 
so that the disk type data cannot be tampered with is 
described below. Fig. 13 shows the data flow when 
transmitting disk type data. The PC drive shown here 
can be PC drive 600-2 (Fig. 7) or PC drive 900-2 (Fig. 
10). 

[0129] A PC encoder or PC decoder permits data sig- 
nal recording and playback using the disk type data. It 
is therefore necessary to transmit data indicating the 
disk type from the drive to the encoder or decoder with- 
out the data being tampered with and changed. As noted 
above, the PC encoder or PC decoder can be PC drive 
600-2 (Fig. 7) or PC drive 900-2 (Fig. 10). 
[0130] An authentication key 1201 used for authentication between the drive and encoder or decoder is recorded to disc 1250 in Fig. 13. This authentication key 1201 is a set of one or a plurality of encryption authentication keys (EAK1, EAK2, ...). An encryption authentication key uses a device key to encrypt the shared key used for mutual authentication (authentication key) and disk type data recorded to the authentication key. The device key is a key assigned to each device.
[0131] An example of an encryption authentication key is shown below.

EAK1 = ENC(device key (DK1), {authentication key (AK), disk type (DT)})

EAK2 = ENC(device key (DK2), {authentication key (AK), disk type (DT)})

[0132] PC drive authentication unit 915 reads the encryption authentication key (EAK1) assigned to the device from the authentication key data read from disc 1250, and decodes it using the internally stored assigned device key DK1. Authorization key (AK) and disk type (DT) are thus obtained. The PC drive then detects disk type (DT') from the physical characteristics (focus characteristics, tracking characteristics, playback characteristics) of the loaded disc, and the control area where the disk type is stored. Mutual authentication is accomplished using disc authorization key (DAK'), which is obtained by applying a specific operation (shown as addition in Fig. 13) to disk type (DT') from disk type detector 1202 and authorization key (AK).
[0133] The PC encoder/PC decoder extracts the encryption authentication key (EAK2) assigned to the device from the authentication key data read from disc 1250, and decodes EAK2 using the internally stored assigned device key DK2 to obtain authorization key (AK) and disk type (DT). Mutual authentication is accomplished using disc authorization key (DAK), which is obtained by applying a specific operation (shown as addition in Fig. 13) to disk type (DT) and authorization key (AK).

[0134] Mutual authentication is thus accomplished
using a shared disc authentication key. More specifical-
ly, authentication is successful when DAK = DAK', and
is unsuccessful when DAK ≠ DAK'. In other words,
when the DT value from the authentication key data
does not match the disk type (DT) detected by the drive,
authentication unit 915 and authentication unit 919 can
fail the authentication attempt. As a result, even if key
data or superimposed data obtained from a ROM disc is ille-
gally copied to a RAM disc, the disk type (DT) value in
the authentication key data and the disk type (DT) de-
tected by the drive will not match. Verification will there-
fore not be successful, and data signal playback can be
prevented. Furthermore, even if the authentication key
data is illegally changed, the authentication key and the
disk type will not match, and mutual authentication will
fail.
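
The disk-type binding of paragraphs [0131] to [0134], as an added example that is not code from the patent: the drive forms DAK' from AK and the disk type it detects, the decoder forms DAK from AK and the recorded disk type, and authentication succeeds only when they match. The cipher behind ENC() (a toy keystream plus an integrity tag), the disk type codes and all key values are assumptions made for illustration.

```python
import hashlib, hmac, struct

ROM, RAM = 1, 2   # constructed disk type (DT) codes, not from the patent

def _stream(key: bytes, n: int) -> bytes:
    """SHA-256 counter keystream: toy stand-in for the unspecified ENC()."""
    blocks = (hashlib.sha256(b"enc" + key + bytes([i])).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(b"mac" + key, body, hashlib.sha256).digest()

def enc(device_key: bytes, ak: int, dt: int) -> bytes:
    """EAK = ENC(device key, {AK, DT}); a tag is appended so edits are caught."""
    plain = struct.pack(">QB", ak, dt)
    body = bytes(p ^ k for p, k in zip(plain, _stream(device_key, len(plain))))
    return body + _tag(device_key, body)

def dec(device_key: bytes, eak: bytes):
    """Return (AK, DT), or None when the entry fails its integrity check."""
    body, tag = eak[:-32], eak[-32:]
    if not hmac.compare_digest(tag, _tag(device_key, body)):
        return None
    plain = bytes(c ^ k for c, k in zip(body, _stream(device_key, len(body))))
    return struct.unpack(">QB", plain)

def dak(ak: int, dt: int) -> int:
    """The 'specific operation' on AK and disk type: addition, as in Fig. 13."""
    return (ak + dt) % 2**64

def authenticate(key_data: dict, dk1: bytes, dk2: bytes, detected_dt: int) -> bool:
    drive = dec(dk1, key_data["EAK1"])       # drive decodes its own entry
    decoder = dec(dk2, key_data["EAK2"])     # decoder decodes its own entry
    if drive is None or decoder is None:
        return False
    dak_drive = dak(drive[0], detected_dt)   # DAK': AK + detected type DT'
    dak_decoder = dak(*decoder)              # DAK: AK + recorded type DT
    # Compared directly for clarity; the bus exchange itself is not modeled.
    return dak_drive == dak_decoder

# Constructed sample keys and key data for a ROM disc.
DK1, DK2, AK = b"drive-device-key", b"decoder-device-key", 0x1122334455667788
ROM_KEY_DATA = {"EAK1": enc(DK1, AK, ROM), "EAK2": enc(DK2, AK, ROM)}

def demo() -> dict:
    eak2 = ROM_KEY_DATA["EAK2"]
    altered = dict(ROM_KEY_DATA, EAK2=bytes([eak2[0] ^ 1]) + eak2[1:])
    return {
        "genuine ROM disc": authenticate(ROM_KEY_DATA, DK1, DK2, ROM),
        "ROM key data on RAM disc": authenticate(ROM_KEY_DATA, DK1, DK2, RAM),
        "altered key data": authenticate(altered, DK1, DK2, ROM),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'authenticated' if ok else 'rejected'}")
```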

[0135] It will be remembered that the authentication
key data has been described as recording an encrypted
authentication key and disk type. It is also possible, how-
ever, to safely transmit the disk type without embedding
the disk type in the authentication key data by encrypting
the disk type detected by the drive and sending this en-
crypted disk type to the PC encoder or decoder. Normal
signal data playback can therefore be achieved in prac-
tice. When the disk type cannot be contained in the au-
thentication key data, mutual authentication will be com-
mon irrespective of disk type and mutual authentication
will be successful irrespective of the disk type. However,
even if mutual authentication succeeds, it is possible to
prevent normal presentation of audio and video when
the data signal is played back with the wrong disk type
(scrambling method).

[0136] It is therefore possible to prevent playback of
an illegal disc copy using a recorder and player as de-
scribed above without providing a digital watermark WM
detector and rewriter in the PC drive.
[0137] A process for changing the authentication
method and data transfer method (procedure for send-
ing the data and key) according to the disk type is de-
scribed next. By reversing the use of these properties,
a procedure for identifying the disk type from the steps
of the authentication process is also possible. A system
that can be used as a PC drive and PC encoder (Fig.
10) is described below.

[0138] Fig. 14 shows the authentication process and 
data transfer process when playback system 1400 re- 
produces data from DVD-ROM disc 1450. 

[0139] The bus authentication step is described first.
[0140] MPEG decoder module 1428 generates ran-
dom number c1 and sends it to DVD drive 1400-1 as chal-
lenge data (drv_chal(c1)). DVD drive 1400-1 generates
f(c1) using a confidential function f, and returns it to
MPEG decoder module 1400-2 as response (drv_res(f(c1))).
MPEG decoder module 1400-2 generates f(c1) us-
ing an internal confidential function f. MPEG decoder
module 1400-2 then detects whether f(c1) matches the
response data returned from DVD drive 1400-1, and
MPEG decoder module 1428 confirms that DVD drive
1400-1 is a compliant device.

[0141] Next, DVD drive 1400-1 generates random
number c2, and sends it to MPEG decoder module 1400-2
as challenge data (dec_chal(c2)). MPEG decoder mod-
ule 1400-2 generates f(c2) using a confidential function
f, and returns (dec_res(f(c2))) to DVD drive 1400-1 as
the response. DVD drive 1400-1 then generates f(c2)
using an internal confidential function f. DVD drive
1400-1 then checks whether f(c2) matches the re-
sponse from the MPEG decoder module 1400-2, and
the DVD drive verifies whether the MPEG decoder is a
compliant device. DVD drive 1400-1 and MPEG decod-
er module 1400-2 thus share a confidential time-variant
key.

[0142] The step for confidentially transmitting the key
data using a time-variant key is described next.
[0143] Using a shared time-variant key, DVD drive
1400-1 bus encrypts the encrypted disc key set and en-
crypted title keys recorded to the DVD-ROM disc 1450,
and sends the encrypted data to MPEG decoder module
1400-2. MPEG decoder module 1400-2 then bus de-
codes using the shared time-variant key the received
encrypted disc key set and encrypted title keys.
[0144] For decoding the scrambled data signal, 
MPEG decoder module 1400-2 decodes the scrambled 
data signal as shown in Fig. 2A using the bus-decrypted 
encrypted disc key set and encrypted title keys, and can 
thus obtain the data signal content. 
[0145] Fig. 15 shows the authentication process and
data transfer process when playback system 1500 re-
produces data from DVD-R disc 1550.
[0146] The bus authentication step is the same as the
bus authentication step for playing DVD-ROM disc 1450
(Fig. 14). Further description thereof is thus omitted.
[0147] The step for confidentially transmitting the key 
data using a time-variant key is described next. 
[0148] DVD drive 1500-1 bus encrypts the encrypted 
disc key set using the shared time-variant key, and ap- 
plies a tamper check code to the media ID. The DVD 
drive 1500-1 then sends the encrypted disc key set and 
media ID to the MPEG decoder module 1500-2. MPEG 
decoder module 1500-2 bus-decrypts the received bus- 
encrypted encrypted disc key set using the shared time- 
variant key. The MPEG decoder module 1500-2 also 
checks the tamper check code assigned for the media 
ID using the shared time-variant key. 
[0149] Decoding the scrambled data signal (content)
is described next. MPEG decoder module 1500-2 reads
the encrypted title keys and scrambled data signal (AV
data) from the user area of DVD-R disc
1550. MPEG decoder module 1500-2 decodes the disc
key using the decrypted encrypted disc key set, and us-
es the disc key to decode the disc-specific key. The title
keys are then decoded using the disc-specific key, and
the scrambled data signal is descrambled using the title
keys.
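
The bus authentication of paragraphs [0140] and [0141] and the media ID tamper check of paragraph [0148], as an added example that is not code from the patent. It assumes the confidential function f is HMAC-SHA256 over a licensed secret, that the time-variant key is derived from both challenges, and that the tamper check code is a truncated MAC; the patent specifies none of these, and all values are constructed.

```python
import hashlib, hmac, os

def f(secret: bytes, data: bytes) -> bytes:
    """Confidential function f, modeled as HMAC-SHA256 over a licensed secret."""
    return hmac.new(secret, data, hashlib.sha256).digest()

def bus_authenticate(drive_secret: bytes, decoder_secret: bytes):
    """Both challenge/response rounds. Returns (drive_key, decoder_key) or None."""
    c1 = os.urandom(16)                      # decoder -> drive: drv_chal(c1)
    drv_res = f(drive_secret, c1)            # drive -> decoder: drv_res(f(c1))
    if not hmac.compare_digest(drv_res, f(decoder_secret, c1)):
        return None                          # decoder rejects the drive
    c2 = os.urandom(16)                      # drive -> decoder: dec_chal(c2)
    dec_res = f(decoder_secret, c2)          # decoder -> drive: dec_res(f(c2))
    if not hmac.compare_digest(dec_res, f(drive_secret, c2)):
        return None                          # drive rejects the decoder
    # Time-variant key: each side derives it from both fresh challenges.
    # The derivation itself is an assumption; the patent does not give one.
    label = b"bus-key" + c1 + c2
    return f(drive_secret, label), f(decoder_secret, label)

def tamper_code(bus_key: bytes, media_id: bytes) -> bytes:
    """Tamper check code the drive attaches to the media ID."""
    return f(bus_key, b"media-id" + media_id)[:8]

def check_media_id(bus_key: bytes, media_id: bytes, code: bytes) -> bool:
    """Decoder-side check using its own copy of the time-variant key."""
    return hmac.compare_digest(code, tamper_code(bus_key, media_id))

LICENSED = b"constructed-licensed-secret"    # constructed sample value

def demo() -> dict:
    drive_key, decoder_key = bus_authenticate(LICENSED, LICENSED)
    media_id = b"MEDIA-ID-0001"              # constructed sample value
    code = tamper_code(drive_key, media_id)
    _, later_decoder_key = bus_authenticate(LICENSED, LICENSED)
    return {
        "keys_match": drive_key == decoder_key,
        "media_id_accepted": check_media_id(decoder_key, media_id, code),
        "altered_media_id_accepted": check_media_id(decoder_key, b"MEDIA-ID-0002", code),
        "old_code_in_new_session": check_media_id(later_decoder_key, media_id, code),
        "non_compliant_drive": bus_authenticate(b"unlicensed", LICENSED),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the key changes with every pair of challenges, a check code captured in one session does not verify in the next, which is what the "old_code_in_new_session" case shows.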



[0150] As described above, the transferred data and
transfer procedure are different with DVD-ROM and
DVD-R media because the keys and other data needed
to decode the scrambled data signal are different for a
read-only DVD (DVD-ROM disc) and a writable DVD
(DVD-R disc). With these embodiments of the invention,
the DVD drive detects the disk type and is controlled
according to a corresponding transmission procedure.
The MPEG decoder module identifies the disk type from
the differences in the transmission procedures, and can
restrict playback by comparing and detecting a match
with the disk type superimposed in the digital water-
mark.

[0151] It should be noted that the same authentication
process is used with read-only DVDs and writable DVDs
shown in Fig. 14 and Fig. 15. However, the MPEG de-
coder module can identify the disk type from differences
in the authentication process as described above if dif-
ferent authentication processes are used for read-only
DVDs and writable DVDs. Different authentication
methods can be achieved by, for example, using differ-
ent algorithms (the above-noted function f), or by using
different parameters in the same algorithm.
[0152] It will be further noted that while these embod-
iments have been described encrypting the data signal
by scrambling, the same effects and benefits can be 
achieved using other encryption methods. 
[0153] Furthermore, these embodiments of the inven-
tion have been described using an optical disc as the
data storage medium. However, the same methods can 
be applied to other types of storage, including semicon- 
ductor memory and magnetic storage media (such as 
hard disks). Furthermore, the encrypted data signal of 
the present invention can be transmitted over the Inter- 
net or other network system (transmission medium). Il- 
legal copying can be prevented in these cases by using 
the same authentication process described above on 
the sending and receiving sides. 
[0154] The invention being thus described, it will be 
obvious that the same may be varied in many ways. 
Such variations are not to be regarded as a departure 
from the spirit and scope of the invention, and all such 
modifications as would be obvious to one skilled in the 
art are intended to be included within the scope of the 
following claims. 

Claims

1. An encrypted data signal encrypting a copy-control-
led data signal, wherein the data signal contains su-
perimposed thereto as a digital watermark identifi-
cation data identifying the data signal as an encrypt-
ed signal.

2. An encrypted data signal as described in claim 1,
wherein the data signal is either a "No more copy"
signal or a "Never copy" signal.
3. An encrypted data signal as described in claim 1,
wherein the digital watermark further contains type
data indicating a type of data storage medium re-
cording the encrypted data signal.

4. A data storage medium recording an encrypted data
signal as described in claim 1.

5. A data storage medium as described in claim 4, fur-
ther recording an encrypted first key and an en-
crypted second key,

the first key used for encrypting the data signal
having a superimposed digital watermark, and
the second key used for encrypting the first key.

6. A data signal playback apparatus comprising:

a reader for reading an encrypted data signal
from a data storage medium as described in
claim 4;

an encryption state detector for detecting that
the encrypted data signal read by the reader is
encrypted;

a decryption unit for decrypting the encrypted
data signal and extracting the data signal with
superimposed digital watermark;

a digital watermark decoder for extracting the
digital watermark from the data signal decrypt-
ed by the decryption unit, and identifying con-
tent of the identification data; and

a playback controller for comparing the state
detected by the encryption state detector and
the state indicated by the identification data de-
tected by the digital watermark decoder, and
prohibiting playback of the data signal if said
states do not match.

7. A data signal playback apparatus as described in
claim 6, wherein the encryption state detector de-
termines the encrypted data signal is encrypted
when the decryption unit can extract a data signal.

8. A data signal playback apparatus as described in
claim 6, wherein the digital watermark further con-
tains type data indicating a type of data storage me-
dium recording the encrypted data signal;

the data signal playback apparatus further
comprising a type detector for determining the
data storage medium type, and
the playback controller permits data signal
playback when the data storage medium type
declared by the type data matches the data
storage medium type identified by the type de-
tector.

9. A data signal playback apparatus as described in
claim 6, wherein the data storage medium further
records an encrypted first key and an encrypted
second key, the first key used for encrypting the da-
ta signal having a superimposed digital watermark,
and the second key used for encrypting the first key,
and

the decryption unit has a third key used for en-
crypting the second key and specifically as-
signed to the data signal playback apparatus,
decrypts the encrypted second key using the
third key to obtain the second key,
decrypts the encrypted first key using the sec-
ond key to obtain the first key, and
decrypts the encrypted data signal using the
obtained first key to extract the data signal with
superimposed digital watermark.

10. A data signal playback apparatus as described in
claim 8, comprising a drive device containing the
reader, encryption state detector, type detector, and
a first authentication unit;

a decoder containing the decryption unit, digital
watermark decoder, playback controller, and a
second authentication unit; and

an interface connecting the drive device and
decoder;

wherein the first authentication unit and second
authentication unit communicate through the
interface, the first authentication unit verifies if
the decoder is a compliant device, and the sec-
ond authentication unit verifies if the drive de-
vice is a compliant device; and
the playback controller permits data signal
playback when authentication by the first au-
thentication unit and the second authentication
unit is successful.

11. A data signal playback apparatus as described in
claim 10, wherein the data storage medium further
records a first authentication key and a second au-
thentication key used respectively by the first au-
thentication unit and second authentication unit;

the first authentication unit has a first device
key assigned specifically to the drive device,
and generates a first media authentication key
based on the first authentication key, first de-
vice key, and data storage medium type detect-
ed by the type detector;

the second authentication unit has a second
device key assigned specifically to the decoder,
and generates a second media authentication
key based on the second authentication key
and second device key; and
the first authentication unit and second authen-
tication unit compare the first media authenti-
cation key and the second media authentica-
tion key for authentication.

12. A data signal playback apparatus as described in
claim 11, wherein the second authentication unit de-
tects the data storage medium type using at least
one of an authentication process and data signal
transmission procedure that differs for each data
storage medium type.

13. A data signal recording apparatus for recording a
copy-controlled data signal to a data storage medi-
um, comprising:

a digital watermark processor for superimpos-
ing to the data signal as a digital watermark
identification data identifying the data signal as
an encrypted signal;

an encryption unit for generating an encrypted
data signal by encrypting the data signal to
which the digital watermark processor superim-
posed a digital watermark; and

a writer for writing the encrypted data signal
generated by the encryption unit to the data
storage medium.

14. A data signal recording apparatus as described in
claim 13, further comprising a type detector for de-
tecting a data storage medium type;

wherein the digital watermark further contains
type data detected by the type detector indicating a
type of data storage medium recording the encrypt-
ed data signal.

15. A data signal recording apparatus as described in
claim 14, further comprising a digital watermark de-
coder for extracting the digital watermark superim-
posed to the data signal and detecting the content
indicated by the identification data; and

a recording controller for permitting recording
based on the identification data detected by the dig-
ital watermark decoder.

16. A data signal recording apparatus as described in
claim 15, comprising a drive device containing the
writer, type detector, and a first authentication unit;

an encoder containing the encryption unit, dig-
ital watermark processor, digital watermark de-
coder, recording controller, and a second au-
thentication unit; and

an interface connecting the drive device and
encoder;

wherein the first authentication unit and second
authentication unit communicate through the
interface, the first authentication unit verifies if
the encoder is a compliant device, and the sec-
ond authentication unit verifies if the drive de-
vice is a compliant device; and
the recording controller permits data signal re-
cording when authentication by the first authen-
tication unit and the second authentication unit
is successful.

17. A data signal recording apparatus as described in 
claim 16, wherein the data storage medium further 
records a first authentication key and a second au- 
thentication key used respectively by the first au- 
thentication unit and second authentication unit; 

the first authentication unit has a first device 
key assigned specifically to the drive device, 
and generates a first media authentication key 
based on the first authentication key, first de- 
vice key, and data storage medium type detect- 
ed by the type detector; 

the second authentication unit has a second 
device key assigned specifically to the encoder, 
and generates a second media authentication 
key based on the second authentication key 
and second device key; and 
the first authentication unit and second authen- 
tication unit compare the first media authenti- 
cation key and the second media authentica- 
tion key for authentication. 

18. A data signal recording apparatus as described in 
claim 17, wherein the second authentication unit 
detects the data storage medium type using at least 
one of an authentication process and data signal 
transmission procedure that differs for each data 
storage medium type. 

19. A data signal recording apparatus as described in 
claim 13, wherein the data storage medium further 
records a second key encrypted with a third key as- 
signed specifically to the data signal recording ap- 
paratus; 

the encryption unit obtains the first key based 
on any of random numbers internally generated 
by the encryption unit, the first key recorded to 
the data storage medium, and first key data su- 
perimposed to a radio wave, and encrypts the 
data signal with superimposed digital water- 
mark using the first key, 

encrypts the first key using the second key; and 
obtains the second key based on the third key 
and encrypted second key recorded to the data 
storage medium. 

20. A data signal recording apparatus as described in
claim 19, wherein the writer further writes the first
key encrypted with the second key to the data stor-
age medium.